Many organizations run workloads in multiple clouds and on premises for flexibility and continuity. But with so much sprawl across disparate platforms, IT teams struggle to keep an eye on their entire IT infrastructure.
Hybrid cloud offerings, such as Microsoft Azure Arc, can help IT teams manage workloads that span across multiple environments. With Azure Arc, users get the benefits of Azure services and management tools, regardless of where their workloads live. This hybrid cloud offering can be used with workloads hosted in the Azure public cloud, on premises or even in another provider's cloud.
IT teams can use Azure Arc for many deployment scenarios, including Kubernetes cluster management and server governance and management. It can also be used to run data analytics and database management systems.
It should be noted that the service is currently in preview. New features could be added over time, while others may change prior to general availability. This Azure Arc tutorial focuses on the server management feature.
Get started with Azure Arc
This video demonstrates how to connect a local machine to Azure Arc and how to enable both Azure Arc and Guest Configuration policies on an Azure subscription. It also breaks down how to onboard an on-premises server using a script generated inside the Azure portal.
The video shows you how to successfully connect a local server to Azure through Azure Arc, and then how to check that it complies with your baseline configuration policies. These policies are applied across numerous resources, including on-premises and cloud resources, to ensure consistency in all environments. The tutorial finishes with a demonstration on how to remediate a local server that is out of compliance, and confirm that its status updates in the Azure portal. This enables users to track configuration drift across all resources going forward.
Watch the step-by-step Azure Arc tutorial or follow along with the transcript below to better understand how this hybrid cloud service works.
Transcript - Watch this Azure Arc tutorial on hybrid cloud management
Azure Arc is a new service from Microsoft, which enables hybrid cloud computing. This means you can benefit from Azure services and management tools, regardless of where your workloads live. This includes your on-premises servers, and even those running in other cloud services. This service is currently in preview, so the features you're about to see could potentially change in the future and there's going to be more features added over time.
So we'll start by heading into the Azure portal. There is a prerequisite we need to satisfy before we can actually get going here, and that's enabled on our subscription. So head up to the top and search for subscriptions, and choose that from the list. Then choose the subscription under which you want to add your on-premises servers through Azure Arc. I've only got one, so I'll choose that from the list. And then from the options on the left, I'll scroll down and choose Resource providers.
In order to enable Azure Arc, you need the Microsoft.HybridCompute resource. And you can search for that using the filter box. As you can see, I've already got HybridCompute enabled. But if you need to enable that, you can click on there and click Register. Since I already have it registered, this has changed to Re-register for me. While we're here, we will also enable another resource provider, that being Microsoft.GuestConfiguration. This one's going to be used for Azure policies, which we can apply to our on-premises servers, as well as our Azure resources.
The other thing I'll show before continuing, is that we've got a resource group set up. So I'll head into Resource groups and I already have a TechSnips-Arc resource group ready to go. Inside this resource group, I have one VM and its associated components. And this is where I'll be adding my on-premises server.
So let's see how we go about actually using Azure Arc to get a server into Azure. Once again, we'll head up to the search box and look for Arc. Choose Azure Arc from the list and you're greeted with a splash page. We can choose from three options. The one we'll be using is on the left for governing servers. You can also sign up for even earlier previews for managing Kubernetes and data servers, such as SQL databases.
We'll head into Manage Servers. As you can see, I currently have no machines registered through Azure Arc. To add a machine, I'll click the Add button. And I'm going to add mine using an interactive script. So go ahead and click Generate script. This is going to ask me questions about where my resource is going to end up showing within Azure.
The first thing I need to specify is my subscription. I only have the one, but you can select yours from the drop-down list. And then I also need to choose my resource group. I'll choose that TechSnips-Arc one that I showed previously. And I'm going to leave the region as West US 2. And as you can see, during the preview, there's only actually three regions you can choose, rather than the exhaustive list that's normally available.
Now, the server that I'm going to be connecting is a Windows box. But you can also choose Linux, if that's the machine that you're dealing with. And if you're on-premises server, or even your servers running in another cloud provider, are sitting behind a proxy, you can specify the proxy URL here, so that the agent knows how to communicate out to Azure. I'm not going to be configuring text. So I'll go ahead and click Review and generate. This is going to give me a script that I can run on my on-premises server to register it with Azure Arc. Take a copy of that script. And then let's head over to my on-premises server.
So let's go through that script, piece by piece. There are three components to the script that it generated. The first is downloading the msi file for the Azure Arc agent. And that just downloads the file itself to the local server. The next step is actually installing the msi and it does this using msi exec, specifying the msi we just downloaded and also an installation log text file. So we'll go ahead and run that and when it completes, we have the agent itself installed. Then we need to do the final step, which is actually connecting the agent to Azure Arc.
The agent is installed now. And as I said, the next step is connecting that agent. So the final step is calling the agent exe file, using the connect option on it. And then specifying the resource group, tenant ID, location and subscription ID for where that resource is going to set in the Azure portal.
I have saved my tenant ID and subscription ID and the variables just so I don't expose them during this video. But the script that the portal generates for you actually has them there. So you don't need to worry about that at all. Also, the settings here match what you put in that form when generating the script. So go ahead and run that. It's going to ask us to authenticate against the browser. So go and grab that URL, head over to Firefox and navigate to that URL. And then I need the code that it provided and I'll enter it here.
Now I need to actually grant permission for this machine to access Azure. I'm already logged in, so I can just click my account and I'm in. I can close this browser window now and head back to my remote PowerShell session. In a moment, we'll see this flick over and we'll be authenticated. All right, we can see from the login here that we've successfully on boarded, and we're back to our PowerShell prompt.
So clear the screen because we'll be back here later. And then head back to the Azure portal. And I'll go back to my machines listening, give it a refresh. We can see that my local machine is now in Azure Arc, and it's connected.
I'll head back through to my resource group. We can see that alongside my Azure virtual machine, if I scroll down, is my as Azure Arc machine. From here, I can click into the machine and you'll see a screen that looks fairly familiar. It looks much like an Azure VM screen would look, except you don't have any of the controls to, for instance, shut down the machine, or do a lot of the day-to-day doing of managing a VM at the moment.
One thing we can do is apply Azure policies. And if we head over to Azure policy by searching for it, we can see that I currently have a couple policies. One that says VMs should have a TechSnips user, and they should be in the administrative group. And another one that says that the time zone on my VMs should be set to New Zealand Standard Time. At the moment, these say compliant, and that there's one of one compliant resources, both of these policies assigned to my TechSnips-Arc resource group. We've just added a resource in there. And if we waited long enough, it would pick those up, it would check compliance and it would report that back to me.
We can speed that up by heading into Remediation. And for each of those policies we will click into the context menu and choose Remediate and Re-evaluate resource compliance. What this does is it goes out to all of the resources under the scope that the policy is set to. In this case, that is the resource group. And it checks all of the relevant resources. So for these, it's VMs, or Azure Arc connected machines. It will check the compliance and it will also deploy any bits that it needs to the machine in order to do those checks.
At this stage, it's not possible to actually change the state of the machine through these policies. It's only a reporting tool. So it can tell me that my VM doesn't have the right time zone set. But it can't change the time zone for me.
You can see both of those tasks I just started are sitting there as Evaluating. These are going to sit there for about 10 to 15 minutes. So we'll pause the video and we'll come back when they are complete.
All right, our two remediation tasks are finished. Let's head back over to compliance and see what's changed.
You can see that my two policies, one about my TechSnips user and the time zone have changed to one of two resources being out of compliance. Given that the only thing that's changed has been we've added an Azure Arc machine, it's safe to assume that that machine is my issue here. But to double check, we will click into one of the policies, scroll down and have a look at the noncompliant resources. And sure enough from the list, we can see my local machine, which is Hybrid Compute, is the machine that isn't currently compliant.
So what we'll go ahead and do is head over to my local machine again, set the time zone and create a TechSnips user, making sure that it's an administrative group. Then we'll see if we can get these policies back into compliance.
All right, I'm back onto my local machine. We'll start by checking what the time zone is currently set to. It's currently set to UTC. So I'll go ahead and set that to the time zone that I actually wanted them, which is New Zealand Standard Time. And then I can check the time zone again. And I can see that has been updated.
Now, the next thing I need is a TechSnips user. So first, I'll make sure that I don't already have that user on my machine, which I don't. So I'll go ahead and create it. First, I'll set a password and then create the user itself.
Now, as you recall, that policy actually called for this user to not just exist, that it needs to be in my local admins group. So I'll go ahead and add it to that group. Let's just make sure that that group membership has updated correctly. As you can see, my administrators group has the TechSnips user, as well as the default local administrator.
So let's head back over to Azure portal. And we'll kick off those remediation tasks again, just to speed up the process here. Remember, if we left this for enough time, it would update by itself. I'm just running the remediation tasks to speed things up for this demo.
So head back over to Remediation on each of the policies in question. Click Remediate, Re-evaluate and Run. I'll do that again for the other policy.
That's going to take another 10 to 15 minutes, but at least that's a heck of a lot quicker than just sitting and waiting for it to happen naturally. So we'll pause the video and we'll come back in about a quarter of an hour.
All right, our remediation tasks are finished. So let's head back over to compliance and see what's changed. And we'll just go ahead and refresh this, we can see that both of those policies, that being the TechSnips user one and my time zone, both say that they are fully compliant with two of two resources. So that means now we've brought in my on-premises server into policies that I already had configured to validating the configuration on my Azure VMs. Now going forward, I can bring in more VMs and ensure a consistent policy is enforced across all of them. And if someone goes in and happens to make a change, I'll see that via my policy compliance.
So finish this video out in Azure Arc. If you happen to want to delete a machine that you've added through your Azure Arc, you can click into its context menu and choose Delete. I'm not going to do that because I want to continue managing this VM through the Azure Arc service.
So that's been a whirlwind tour of Azure Arc and one of the options that it enables for you, which is applying policies to your on-premises servers and servers from other cloud providers in a consistent manner with your Azure VMs. Thanks for watching.